this post was submitted on 26 Aug 2024
72 points (93.9% liked)

Asklemmy

43993 readers
1717 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy πŸ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago
MODERATORS
 

Out of a reflex of distrust, I refuse to participate in any kind of loyalty program of the outlet of the large retail store around the corner.

I tell myself that by refusing to join the loyalty program (which basically comes down to scanning an anonymous loyalty card every time I make a purchase), I prevent them from adding my correlations (what products I buy, in what combos, at what time) to their data.

But since I normally pay by card, I guess they can (and do) already do that with my bank account information?

If I would pay with cash, they can still see those correlations per purchase, but they can't track my purchases over time?

all 30 comments
sorted by: hot top controversial new old
[–] [email protected] 36 points 3 months ago (1 children)

Yes they can and, unfortunately, even if you start paying by cash you'll still be tracked to a certain extent. It is extremely difficult to avoid any kind of purchase tracking because everyone from the private company that manages the lot you park in before going inside, to the retailer, to your bank, to the smart screens in the store, to your fucking smart phone (whether by GPS or wifi network identification) is working together to identify and track you.

It's really fucking hard to go incognito theae days.

[–] semperverus 1 points 3 months ago (1 children)

How much do you think de-googled GrapheneOS with FLOSS-only apps would help?

[–] [email protected] 4 points 3 months ago

For the phone component - immensely... when I vaguely said that "your phone tracks you" most of what I'm talking about is Google/Facebook/Reddit/TikTok/Mobile Ad Networks doing it... I don't believe carriers tend to engage in that bullshit very often (though AT&T has been caught a few times) due to laws around being a communications carrier... it's mostly the social media folks.

[–] [email protected] 25 points 3 months ago (1 children)

If you're walking around with a cellphone turned on with a SIM plugged in or Wi-Fi or Bluetooth turned on (even if not connected to anything), stores still have ways to track you. They won't get your purchase info, but they'd know when you got there, how long you stayed, and maybe where in the store you went (if it's big enough for multiple access points).

Meanwhile, I've just accepted that they'll track me, and I'm fine if they give me a cut. Cashback and such to pay me for my data.

It'd be nice if I got paid for all the ads I see on the internet and outside.

[–] [email protected] 20 points 3 months ago* (last edited 3 months ago) (4 children)

IPhone/android randomize their MAC addresses now to prevent this kind of long term tracking.

Stores will see you walking the store anonymously and be able to create a general customer heatmap, but since this virtual MAC rotates, they won't be able to correlate this to you indivdually long term.

[–] [email protected] 7 points 3 months ago (1 children)

I believe phones broadcast a sort of fingerprint when searching for wifi and/or Bluetooth connections. No MAC address needed!

[–] [email protected] 4 points 3 months ago* (last edited 3 months ago) (2 children)

The MAC is generally the fingerprint. Looks like Apple handles this when searching as well:

https://support.apple.com/guide/security/wi-fi-privacy-secb9cb3140c/web

I haven't heard of anything else besides MAC being broadcast during the searching phase. Can you give an example or technical term?

[–] herrvogel 4 points 3 months ago* (last edited 3 months ago)

Phones routinely look for specific SSIDs by their names. Imagine you're strolling through a mall while your appearance changes every 2 seconds, but you keep yelling out the names of 5 other peoole. People will not know who you are really, but they will be able to follow you around because they will know that it's you who yells those 5 names no matter what you look like.

[–] [email protected] 1 points 3 months ago

Whenever wifi is enabled, your device is sending out probe request frames, which includes your list of preferred networks/networks you've connected to before.

Discussion here

More details from an old article

[–] [email protected] 6 points 3 months ago

That, and things like Apple Pay randomize the card number when you pay. It’s why my local grocery store refused to switch to contactless payments for so long. They finally gave in and are piloting it on some stores now.

[–] [email protected] 1 points 3 months ago (1 children)

How does that work for broadcasts from your device, designed to prompt beacons from dorman aps you might have joined before? Once you join it provides a random mac, but before then?

[–] [email protected] 6 points 3 months ago

They use randomized MACs there too.

You can set MACs to not randomize for specific WiFi, but by default it's on and random.

[–] [email protected] 1 points 3 months ago

AI can identify individuals by gait now

[–] Tangent5280 24 points 3 months ago (2 children)

I think paying in cash cuts down on trackin massively. Can you still be tracked? Yes. But are most stores going through the effort? I don't think so. Depends on the store too, I guess.

Maybe my tin foil hat is getting rusty, but to me it just feels like they'll just move on to the next dude who payed by card instead.

[–] [email protected] 13 points 3 months ago (1 children)

"can we have your address for warrantee purposes"?

[–] [email protected] 12 points 3 months ago (1 children)

I always answer "no thank you". It's polite for the worker yet direct. I've never once had someone insist

[–] Tangent5280 16 points 3 months ago

The latest version of this I've seen is fucking fast fashion of all things asking for your phone number to send invoices to, as part of their "digital sustainability initiative". If they really gave a shit they'd set fire to everything the company owned.

[–] [email protected] 6 points 3 months ago (2 children)

Does that mean that anonymous loyalty cards don't really add any extra tracking capabilities?

Then what is the benefit for retailers? That some people don't use those cards and are thus paying too much?

[–] [email protected] 10 points 3 months ago

Most people give their real full name, phone number and email for any loyalty card wothout batting an eye, plus even with anonymized data it's useful to the owners to track correlation of purchases, time, location. Definitively what you said too, we all make mistakes (some more than others), every needless complication of a system is a disadvantage to the customer.

[–] Tangent5280 3 points 3 months ago (1 children)

Loyalty cards are more for getting the customer in the door, right? Usage patterns come second if I understand the model correctly.

[–] [email protected] 2 points 3 months ago

Other way around. Loyalty cards have always been about getting that sweet sweet data about customer habits.

[–] [email protected] 18 points 3 months ago

To the point where Target could figure out when someone was pregnant based on what they purchased.

[–] [email protected] 6 points 3 months ago

I'm guessing you're talking about debit cards. From the Canadian Government: yes.

In detail:

Payment terminals can also be built to feed into a retailer’s "customer relationship management" database so that a retailer can track your purchases and tie those to other information about you, such as your email address, if you have given it to them. Financial institutions and payment card network operators could also profile you based on your purchase information.

This purchase information could potentially be shared and linked with information held by loyalty card companies, data brokers, or marketers.

If it's possible, then it's a revenue stream, so I assume it'd be done.

[–] [email protected] 5 points 3 months ago (1 children)

Wouldn't this be illegal under GDPR as you didn't consent?

[–] [email protected] 5 points 3 months ago (1 children)

You do consent often enough.

At least in Germany, there are at least two companies (Schufa and Experian) who will analyze your account data/money transfers to calculate a score.

Technically, this is legal because they claim to have a legitimate interest in the data and you do have to tick a checkbox.

[–] [email protected] 1 points 3 months ago

In terms of physical POS, I’ve never ticked any boxes in that process.

[–] [email protected] 4 points 3 months ago

I didn't know if debit cards do, but I think credit cards do, which is why they can offer rewards.

[–] [email protected] 2 points 3 months ago* (last edited 3 months ago)

It probably depends on the store. I habitually pay via physical money, because in the event of a cyberattack I can still use it.

[–] [email protected] 1 points 3 months ago

Yes, a good bit of stores do. I pay in cash generally, and I don't tie my email to my bank account. The nice thing with paying cash is you have a better idea of how much money your spending too.

But as some other users mentioned, some stores have these camera's in the parking lot that track your license plate. Generally park in a way that it cant see it when you enter or leave.